Creating Management Groups
Management groups are containers that help you manage access, policy, and compliance across multiple subscriptions. You can create these containers to build an effective and efficient hierarchy that is used with Azure Policy and Azure Role-Based Access Control. This page covers management groups in more detail and shows how to create them.
Steps to Create a Management Group
An Azure AD user in the tenant can create a management group without the management group write permission being assigned to that user. In that case, the new management group is a child of the Root Management Group and the creator is given an “Owner” role assignment. The management group service allows this so that role assignments are not needed at the root level. No users have access to the Root Management Group when it is created. Therefore, to avoid the hurdle of finding the Azure AD Global Admins before management groups can be used, creation of the initial management groups is allowed at the root level.
You can create the management group by using the portal, an Azure Resource Manager template, PowerShell, or Azure CLI.
Steps to Create in Portal
- First, log in to the Azure portal.
- Second, select All services > Management + governance.
- Then, select Management Groups.
- Next, select + Add management group.
- After that, fill in the management group ID field and the display name field. The display name is the name that is displayed within the Azure portal.
- Lastly, select Save.
Steps to Create in Azure PowerShell
In PowerShell, use the New-AzManagementGroup cmdlet to create a new management group:
New-AzManagementGroup -GroupName 'Contoso'
Remember that the GroupName is the unique identifier being created. This ID is used by other commands to reference the group, and it can't be changed later.
If you want a different name for the management group to be shown in the Azure portal, add the DisplayName parameter.
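The following is an added example, not code from the Microsoft documentation this page follows: it creates the group with a DisplayName and then lists which principals hold Owner directly on each management group, which lets you confirm the automatic creator assignment described above. It assumes the Az.Resources module and a signed-in session (Connect-AzAccount); 'Contoso Group' is a constructed display name.

```powershell
# Added example. Assumes Az.Resources is installed and Connect-AzAccount
# has already been run. 'Contoso Group' is a constructed display name.

# GroupName is the permanent ID; DisplayName is what the portal shows.
New-AzManagementGroup -GroupName 'Contoso' -DisplayName 'Contoso Group'

# For every management group the caller can see, list the principals that
# hold Owner directly at that scope. Get-AzRoleAssignment -Scope also returns
# assignments inherited from parent scopes, so filter on the exact scope.
$report = foreach ($mg in Get-AzManagementGroup) {
    $scope = $mg.Id   # /providers/Microsoft.Management/managementGroups/<GroupName>
    Get-AzRoleAssignment -Scope $scope |
        Where-Object { $_.RoleDefinitionName -eq 'Owner' -and $_.Scope -eq $scope } |
        ForEach-Object {
            [pscustomobject]@{
                ManagementGroup = $mg.Name
                DisplayName     = $mg.DisplayName
                Principal       = $_.DisplayName
                SignInName      = $_.SignInName
                ObjectType      = $_.ObjectType
            }
        }
}

# Owners that nobody expected are the entries to review.
$report | Sort-Object ManagementGroup, Principal | Format-Table -AutoSize
```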
Steps to Create in Azure CLI
In Azure CLI, use the az account management-group create command to create a new management group:
az account management-group create --name Contoso
Note that the name is the unique identifier being created. This ID is used by other commands to reference the group, and it can't be changed later.
Reference: Microsoft Documentation